Assessing and measuring relevant risks is of vital importance to effectively manage and protect an organization.
The importance of accurate risk measurement has been heightened recently by a greater reliance on suppliers, longer and more complex supply chains, more intense global competition, supply disruptions, increasing regulations, and scrutiny of customers and their expectations, as well as the fast-paced overall business environment. A critical element of the process to assess and measure risk, which helps inform supply management decision-making, is to identify and use the right risk metrics.
Choosing the right risk metrics
One of the more challenging aspects of the overall risk measurement and management process is selecting the best metrics for particular supplier risks. One of the challenges is that there is usually no perfect metric for any particular risk. And typically, whichever metric is chosen, at best it can only serve as a proxy for the actual underlying risk.
In addition, most metrics are inherently backward-looking, relying on the assumption that what happened in the past is a good indication of what will happen in the future. Keep this in mind when choosing which risk metrics to employ. The metrics should facilitate decision-making by procurement professionals, as opposed to making the decisions for them or “predicting” the future.
To assist companies in the earlier stages of their risk metrics journey, check out a list of illustrative metrics of more common types of risk, together with possible sources of data, available to members and non-members in the CAPS Library. If you don’t have a CAPS Library account, you can create one for free now.
Refining your risk metric dashboard
With risk metrics, the more limited a specific risk event is to a supplier, such as a supplier’s financial viability or protection from cyber-attacks, the more defined and objective the metrics tend to be. For this type of defined metrics, organizations can rely to a great extent on their own sources of data, or data they can obtain (in most cases relatively easily) from their suppliers. However, for risk events that have more of a widespread impact, such as geopolitical, macroeconomic, and natural disasters, the metrics tend to use composite indices, with the data often needing to be sourced from third parties and usually at a cost.
While the selection of risk metrics may be daunting, one of the biggest mistakes that can be made is not to select or utilize any. At the onset of the risk assessment, measurement, and management journey, metrics that make the most sense at the present time should be chosen, with the realization, however, that they may need to be reviewed and refined over time as more data becomes available.
Risk metrics as part of a healthy risk culture
The effective use of risk metrics is part of the broader risk assessment, measurement, and management processes. These processes should be integrated throughout the supplier lifecycle including supplier discovery, assessment, selection, onboarding, source-to-pay, performance management, and relationship termination. But the integrative glue that holds everything together is the presence of a risk management culture.
A company with a mature risk management culture understands the risk the organizations is exposed to and has confidence in the way they can manage risks. As a risk culture strengthens, so will the understanding of what risks fall above or below the company’s risk appetite, which will determine the appropriate risk response. Selecting and using the best risk metrics is an important part of this process and supports the development of a healthy risk management culture.
Risk metrics resources for everyone
Download the list of risk metrics
Download a 1-page list of risk metrics by logging into the CAPS Library. If you don't have an account, simply create one for free. Your account will give you access to more than 30 years of KPIs, best practices, and thought leadership.
Members can access the original research report, Measuring and Managing Risks in the Supply Chain. Reports released within the last four years are reserved for members.